A malicious actor with access to the management network could execute a remote code execution (RCE) by exploiting a heap buffer overflow vulnerability in the UniFi Protect Cameras (Version 4.75.43 and earlier) firmware.
An attacker with access to the management network can exploit a heap buffer overflow vulnerability (CWE-122) in the camera firmware, which involves writing data beyond the boundaries of an allocated buffer on the heap. By manipulating appropriately crafted input data, the attacker can overwrite critical memory structures and take control of code execution on the device. The vulnerability does not require authentication or user interaction.
An attacker can remotely execute arbitrary code on the device (RCE), which in practice means complete takeover of the camera, violation of data confidentiality and integrity, and the ability to disrupt its operation.
UniFi Protect camera firmware should be updated as soon as possible to a version newer than 4.75.43. The manufacturer published detailed information about available patches in a security bulletin available at the address indicated in the references. Additionally, it is recommended to restrict access to the management network exclusively to trusted hosts through network segmentation and firewall rules.
UniFi Protect Cameras with firmware version 4.75.43 and earlier.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H